472d971f2f58618e4e595ac26e1e103e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

472d971f2f58618e4e595ac26e1e103e_JaffaCakes118
Size

813KB
MD5

472d971f2f58618e4e595ac26e1e103e
SHA1

3d3a946023777ca976af0443e81643b690464f2e
SHA256

7d89b6328e4534916baa412338e37de57c7c03b1ccd25b667b5e886772ad1e99
SHA512

bf598de6ed0392adc95833d3a1ca7081afb870413682f4d687f35406b5d36d878b73b2c058381d47b78ab1a6e7a6b24d177e623e57852d5f67c2f14cf5e14191
SSDEEP

12288:C9nBcndbM676/6DzMrjjAGQuccBv5vfBfks2NkCeEBJaxj5w1SUJU3fu5HBT:C9IdbMwD38mq55ekCzDij6vJU3G5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
472d971f2f58618e4e595ac26e1e103e_JaffaCakes118

Files

472d971f2f58618e4e595ac26e1e103e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

69490018f993dd7be0db090df174ba53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetPrivateProfileIntW
HeapCreate
GetShortPathNameW
DeleteFileA
SetStdHandle
EnterCriticalSection
GetCurrentProcess
HeapFree
lstrcpyA
GetVolumePathNameW
SetEnvironmentVariableA
SetCurrentDirectoryA
GetStringTypeA
GetConsoleTitleA
GetTickCount
CreateMutexW
SetVolumeLabelA
LeaveCriticalSection

aaclient

OpenKeyReader
g_fnStartTransport
LoadClientAdapter
OpenKeyReaderWriter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 801KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ